Short answer: No. HIPAA-compliant fax service on Fax.Plus requires an Enterprise plan with a signed Business Associate Agreement (BAA) and the proper security controls enabled.
Why HIPAA requires an Enterprise plan
HIPAA compliance for fax requires several things that aren't available on Free, Basic, Premium or Business:
- A signed BAA - only available with the Enterprise plan.
- Advanced Security Controls - only available on Enterprise.
- Audit logging - required by HIPAA, only available on Enterprise.
- Multi-user access controls with role-based permissions - only on Enterprise.
- Data residency options for organizations that require US-only data hosting - only on Enterprise.
If you transmit Protected Health Information (PHI) without a BAA in place, neither side is compliant with HIPAA.
What plans are HIPAA-eligible
- Free, Pay-As-You-Go, Basic, Premium or Business: Not HIPAA-compliant. Do not use for PHI.
- Enterprise: HIPAA-compliant. Includes additional features like dedicated audit trails and data residency.
How to upgrade to a HIPAA-compliant plan
- Upgrade to an Enterprise plan in Settings → Plan & Billing.
- Once on the new plan, enable Advanced Security Controls in Settings → Security.
- Request a BAA: see HIPAA BAA status meanings.
- Once your BAA is Signed and security controls are enabled, you may transmit PHI in compliance with HIPAA.
"I'm a small practice and Enterprise is too expensive"
We understand HIPAA-compliant fax has a higher cost than basic fax service. The cost reflects the security controls, audit infrastructure, and BAA legal coverage required by federal law.
If you handle PHI infrequently and the Enterprise plan is genuinely out of reach, consider:
- A different vendor specifically targeted at small healthcare practices.
- A traditional fax line through your existing telecom provider, which may be HIPAA-compliant via your BAA with that provider.
- Using a HIPAA-eligible Enterprise plan only for PHI faxes, and a different (non-Fax.Plus or Free) tool for non-PHI use cases.
What if I've already sent PHI on a non-eligible plan?
We are not your legal advisor on HIPAA compliance and recommend consulting your compliance officer or HIPAA attorney for breach handling.
I'm a covered entity / business associate. Are you HIPAA-certified?
There is no formal HIPAA certification (HIPAA doesn't have a certification program). Fax.Plus, on the Enterprise plan, complies with HIPAA's technical safeguards. We sign BAAs with covered entities and business associates. Visit our HIPAA compliance page for details.